Nay

Reputation: 97

How to have separate sessions on 2 asp.net applications

I have got two asp.net applications (.NET 4.5) on the same application pool on the same IIS (7.5). Their authentication tables are from two different databases. My problem is that when I log into one application, I get logged into the other as well (even if the other application doesn't have the same user id).

Clearly, the two applications are sharing the same session. I have updated the Web.config file in each of the applications as follows:

<sessionState
  cookieName="some_unique_name"
  timeout="30">
</sessionState>
<membership defaultProvider="SqlProvider">
  <providers>
    <clear/>
    <add 
      name="SqlProvider" 
      type="System.Web.Security.SqlMembershipProvider" 
      connectionStringName="AuthCorporate"
      applicationName="some_unique_name"/>
  </providers>
</membership>

It may have to do with configuring Identity and Authentication. My ConfigureAuth() in Startup.Auth.cs looks like this:

public void ConfigureAuth(IAppBuilder app)
{
    // Enable the application to use a cookie to store information for the signed in user
    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        LoginPath = new PathString("/Account/Login")
    });
}

What am I missing to make these two applications have their own separate sessions? Thanks in advance.


Upvotes: 1

Views: 503

Answers (2)

user2655145

It is very simple... give each site its own application pool. Application pools are there to provide a level of separation/security... like avoiding crossover of data in sessions. Best thing is it only takes 10 seconds to fix your problem. I hope this helps.

Upvotes: 0

Jeroen1984

Reputation: 1686

In your comments you said that you are using Identity with MVC 5. Probably there is a file called Startup.Auth.cs in your App_Start folder. This contains the second part of the partial (OWIN) Startup class where the authentication is configured.

In this class you should configure cookie authentication, probably with a unique cookie domain / cookie name:

    app.UseCookieAuthentication(new CookieAuthenticationOptions
    {
        AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
        CookieDomain = ".My1stApp.com",
        CookieName = "App1CookieName",
        LoginPath = new PathString("/Account/Login"),
        Provider = new CookieAuthenticationProvider
        {
            OnValidateIdentity = SecurityStampValidator.OnValidateIdentity<ApplicationUserManager, ApplicationUser>(
                validateInterval: TimeSpan.FromMinutes(30),
                regenerateIdentity: (manager, user) => user.GenerateUserIdentityAsync(manager))
        }
    });

Upvotes: 1
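
Why a distinct cookie name or path separates the two sign-ins, as an added example that is not part of the original answer: a simplified model of how a browser picks the cookies it attaches to a request. The host name `intranet.example`, the `/App1` and `/App2` virtual directories, the second cookie name `App2CookieName` and all helper names are assumptions for illustration, and the model assumes each app would accept a ticket issued by the other, as the symptom in the question suggests.

```javascript
// Simplified model of RFC 6265 cookie matching (constructed example, not a full cookie jar).
function domainMatches(host, c) {
  return host === c.domain || (!c.hostOnly && host.endsWith("." + c.domain));
}

function pathMatches(reqPath, cookiePath) {
  if (reqPath === cookiePath) return true;
  return reqPath.startsWith(cookiePath) &&
    (cookiePath.endsWith("/") || reqPath[cookiePath.length] === "/");
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie set by `host`; the same (name, domain, path) overwrites.
  set(host, name, value, { domain, path = "/" } = {}) {
    const c = { name, value, path, hostOnly: !domain,
                domain: (domain || host).replace(/^\./, "").toLowerCase() };
    this.cookies = this.cookies.filter(
      o => !(o.name === c.name && o.domain === c.domain && o.path === c.path));
    this.cookies.push(c);
  }

  // Cookies the browser would attach to a request for host + path.
  sentTo(host, path) {
    const out = {};
    for (const c of this.cookies)
      if (domainMatches(host, c) && pathMatches(path, c.path)) out[c.name] = c.value;
    return out;
  }
}

// Sign in to app 1 only, then report the auth cookie value each app reads.
function signInToApp1(app1, app2) {
  const jar = new CookieJar();
  jar.set(app1.host, app1.cookieName, "ticket-for-app1", { path: app1.cookiePath });
  const seenBy = app => jar.sentTo(app.host, app.root + "/Home")[app.cookieName];
  return { app1: seenBy(app1), app2: seenBy(app2) };
}

// Constructed sample sites: two virtual directories on one (hypothetical) host.
const HOST = "intranet.example";
const site = (root, cookieName, cookiePath) => ({ host: HOST, root, cookieName, cookiePath });
const DEFAULT_NAME = ".AspNet.ApplicationCookie"; // OWIN default: ".AspNet." + AuthenticationType

const shared   = signInToApp1(site("/App1", DEFAULT_NAME), site("/App2", DEFAULT_NAME));
const renamed  = signInToApp1(site("/App1", "App1CookieName"), site("/App2", "App2CookieName"));
const pathOnly = signInToApp1(site("/App1", DEFAULT_NAME, "/App1"), site("/App2", DEFAULT_NAME, "/App2"));
console.log({ shared, renamed, pathOnly });
```

With the defaults, the second app reads the first app's ticket; with a unique `CookieName` or a `CookiePath` limited to the app's own root, it does not. Browsers match cookie paths case-sensitively while IIS URLs are not case-sensitive, so a unique `CookieName` per application is the more robust of the two.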
